
44 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 3 views

jq security vulnerability

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00013
Exploits: 1 | References: 1

EUVD
added 2026/03/28 12:30 p.m. | 2 views

EUVD-2016-10841

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6 | AI score 6.4 | EPSS 0.00018
Exploits: 1 | References: 4

OSV
added 2026/03/28 12:16 p.m. | 1 view

UBUNTU-CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6 | AI score 6.5 | EPSS 0.00018
Exploits: 1 | References: 5

CVE
added 2026/03/28 11:58 a.m. | 4 views

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 is affected by a local stack buffer overflow. An attacker can pass an oversized argument to the -F parameter, crafting input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and execute arbitrary code. This is a local vulnerabili...

CVSS 8.6 | AI score 6.4 | EPSS 0.00018
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/28 12:0 a.m. | 2 views

NRSS Reader buffer error vulnerability

NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...

CVSS 8.6 | AI score 6.4 | EPSS 0.00018
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/26 3:11 p.m. | 4 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

CVSS 6.1 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 1

NVD
added 2026/03/20 6:16 p.m. | 3 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

CVSS 6.1 | EPSS 0.00044
Exploits: 0 | References: 2

Cvelist
added 2026/03/20 5:26 p.m. | 17 views

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

CVSS 6.1 | EPSS 0.00044
Exploits: 0 | References: 2

CNNVD
added 2026/03/20 12:0 a.m. | 2 views

php_api_doc cross-site scripting vulnerability

phpapidoc is a PHP API documentation generation tool developed by Wally’s personal developer. phpapidoc has a cross-site scripting vulnerability, which stems from improper cleaning of the f parameter in the listmethod.php file. This vulnerability may lead to reflective cross-site scripting attack...

CVSS 6.1 | AI score 5.6 | EPSS 0.00044
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/08 1:44 a.m. | 3 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 6.1 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 1

NVD
added 2026/03/06 10:16 p.m. | 2 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 6.1 | EPSS 0.00017
Exploits: 1 | References: 1

EUVD
added 2026/03/06 9:14 p.m. | 3 views

EUVD-2026-10080

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 5.1 | AI score 5.9 | EPSS 0.00017
Exploits: 1 | References: 1

Cvelist
added 2026/03/06 9:14 p.m. | 16 views

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 5.1 | EPSS 0.00017
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/06 9:14 p.m. | 2 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 5.1 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/06 9:14 p.m. | 2 views

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 5.1 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/06 9:14 p.m. | 1 view

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

CVSS 5.1 | AI score 5.9 | EPSS 0.00017
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/06 12:0 a.m. | 4 views

PT-2026-23758

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.155; Group-Office versions prior to 25.0.88; Group-Office versions prior to 26.0.10. Description: Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting (XSS) issue...

CVSS 5.1 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/22 11:25 p.m. | 0 views

CVE-2022-40123

mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system...

CVSS 6.5 | AI score 6.6 | EPSS 0.0115
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:38 a.m. | 4 views

CVE-2015-1577

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter...

CVSS 6.4 | AI score 7.1 | EPSS 0.103
Exploits: 2 | References: 1

OSV
added 2024/01/04 3:15 p.m. | 0 views

CVE-2023-50760

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 2